Argo
v3.3.9CI/CD & App Deliveryv3.3.9 is a focused patch addressing four bugs — including a panic in ApplicationSet DuckType Generator and a UI crash in pod logs — plus a Go version bump to resolve CVEs.
securityUpgrade to patch Go-level CVEs
The Go runtime was bumped specifically to resolve CVEs. The release notes don't enumerate the exact CVE IDs, but if you're running 3.3.x in production, upgrade to 3.3.9 now rather than waiting for your next maintenance window. All container images are cosign-signed and SLSA Level 3 provenance is available — verify signatures before deploying if your pipeline requires it.
breakingApplicationSet DuckType Generator panic is now fixed — review affected ApplicationSets
If you use DuckType Generators and have clusters with non-string label values, previous versions would silently panic. After upgrading, those ApplicationSets will now process correctly rather than crashing. Do a quick audit of your ApplicationSet resources post-upgrade to confirm they're reconciling as expected — you may see previously-failing sets suddenly become active.
enhancementOCI metadata caching restored — expect reduced registry pressure
The Redis cache for OCI metadata was broken, meaning every OCI source lookup was hitting the registry directly. With this fix, caching works again. If you use OCI-sourced ApplicationSets or Helm charts, you should see reduced latency and fewer registry requests after upgrading. No configuration change needed.
Key changes (5)
- Fixed panic in ApplicationSet DuckType Generator when encountering non-string values in cluster labels
- Fixed pod logs viewer UI crash caused by stale container index references
- Fixed double-delete error on the server side to prevent spurious errors during cleanup operations
- Fixed OCI metadata put/get to/from Redis cache, restoring proper caching behavior
- Bumped Go version to patch CVEs in the Go standard library